sekomi: overseer and protector of yuriJan 21
> "free" bsd
> look inside
> jail
Show threadティージェーグレェMar 23
Indeed!

I think it's telling that OS X/macOS are FreeBSD derived, yet decided not to borrow the jails subsystem.

Word choice is important.

Some of PHK's other perspectives when it comes to things related to carceral constructs are extremely harrowing to read.

But, it's one thing to be outspoken about things.

It's another, when down stream maintainers, decide to go through the hassle of making sure they do not take your bad code and ideas along with them. Speaks volumes, without saying a word! Indeed, by removing lines of code!

Good hacking. ^_^
Show threadLisPiMar 24
@teajaygrey @sekomi > decide to go through the hassle of making sure they do not take your bad code and ideas along with them

Are they actually ineffective though? Why not just search & replace (if the code actually is good)?
Show threadティージェーグレェMar 24
I think the conjecture in this instance is: jails are not good.

Word choice matters.

Maybe, if PHK had called it chroot++? He did not.
Show threadティージェーグレェ
Word choice aside: If as a precursor to paradigms such as containers, the FreeBSD jails subsystem is svelte with relatively low overhead because it's basically a filesystem abstraction.

However, because it is a filesystem abstraction, it isn't as robust as a full blown VM/hypervisor. FreeBSD also has things such as bhyve these days for folks who need that.

There are other pitfalls of containerization (not just performance penalties with VMs and hypervisors) such as bitrot (see: Docker container vulnerabilities shipping old versions of code) but IMHO, such things are too often misconstrued as security tools, when all of them are better utilized as development tools and are not great for prod (IMHO, they're the opposite of what should be deployed in prod).

There's of course, also the question of whether any of that was appropriate for Apple to adopt. Apple does have their own hypervisor framework, but they never really seemed to delve deeply into containers or chroot realms, they have their own sandboxing framework too.

It should probably be noted that Apple used to employ jkh (Jordan Hubbard, one of the co-founders of FreeBSD). I know Jordan personally. I don't know PHK personally. I don't know if the same is true of Jordan though, it's possible he knows PHK and they're on good terms.

However, when I read some of PHK's other writings (mostly on ACM as far as I can discern; though their site is variously paywalled and not easy to cite), he has a lot of perspective on the legal system and courts and his perspective, to me, screams as if it is someone who hasn't lived within the USA and contended with carceral slavery or the reality that over 90% if incarcerated individuals within the USA never even had a jury trial, and most of them end up with "plea" deals because they are so poorly "served" by so-called "public defenders". Perhaps, he might even favor slavery? He certainly seems to be of the opinion that courts and law, should supersede more or less any other realm from what I read of his writings.

Like, the more I read of him, the less I ever want to have anything to do with him, and most certainly want to stay the fuck away from his code too.

It's not sufficient to search and replace some word choices. It's best avoided entirely.

CC: @[email protected]
Mar 24 at 6:12pmWeb